Web security is a term we’ve constantly been hearing about in recent days, especially in the news. We’ve seen an onslaught of high-profile hacks, most notably the 2016 US presidential election. Web security will always be a hot topic because of the constant development of technology and how, as a society, we will continue to rely on it. Attacks happen for a number of reasons, but it is usually due to human error. It can be a flaw in the code, an unsecure network, and so on. This can create holes for attackers to get in and cause damage.
This begs the thought, what exactly is web security?
In short, web security is the security of websites, web applications, and web services.
Increased information sharing has emerged in recent years, especially through social networking and increased e-commerce business, and has increased direct attacks. We are seeing web application attacks happen through XSS and SQL injection attacks (this is usually a result of a flaw in the code). We are also seeing increased phishing attacks. But what does this mean for businesses, and what can they do to help prevent these attacks?
When a business is going through the process of setting up their website or web application, they should consider what type of information, if any, is considered sensitive. For instance, if you have a signup and require a password, what security measures are you taking to make sure that the password cannot be stolen? Businesses can take steps to be preventive rather than reactive and, in the end, save themselves a big headache when they are done.
But back to what is important: security. Businesses can take steps in order to ensure the integrity of their data and utilize strategies to counteract an attack.
Establish the importance of security from the beginning with employees
It can be very easy to forget that an employee carries sensitive information within and outside the workplace. It should be emphasized from the beginning of the hiring process that this sensitive information should always be protected. As an employer, you can take preventive measures to ensure that this is followed by having certain websites blocked on your network, making employees choose passwords that are complex, or set an expiration on passwords where they must be renewed after a certain time.
Have a strong network
One of the most important security measures you can take is to have a strong network. This means you should have a proper firewall to capture bad data packets, and it should be included on all employee-operated equipment like computers, cellphones, and tablets.
One of these solutions could be establishing a virtual private network or VPN. This allows employees who work from home and have remote access to remain secure. A VPN would protect your data through encryption and tunnel protocols. VPNs provide the integrity of security needed with sensitive data.
Train your employees
As an employer, you should take the time to invest in your employees, and this should include telling them about the importance of security. Take the time to make sure an employee knows how to recognize a phishing e-mail or attack, why clicking on a pop-up link is harmful to the company, or how to recognize a data breach.
Vendor compliance
Many times, businesses must use outside vendors to accomplish a certain goal. But what is that vendor doing to make sure that they are keeping the integrity of your data safe and secure. When onboarding a new vendor, it should be part of your protocol to look at how they store your data and whether they comply with data protection regulations.
Monitor your employees
The biggest advice my dad has ever given is this: no one is your friend. Employees are your employees. Some employees have access to sensitive information, and it is up to you to take the protective measures to ensure that information always remains secure.
Run the occasional assessment
On occasion, you should run an assessment of where the security vulnerabilities in your network are and what you can do to rectify them. This is when you should seek an outside resource to perform this because they don’t have a bias. They would be able to clearly identify the loopholes and make recommendations to fix them.
Web security is going to be an ongoing topic in today’s world. When it comes to businesses, it’s not a matter of “if” an attack happens; it is now a matter of “when” it will happen. Businesses can take preventative measures to help ensure they do not fall victim to an attack.
About the author
Mary Gualtieri is a full-stack web developer and web designer who enjoys all aspects of the Web and creating a pleasant user experience. Web development, specifically frontend development, is an interest of hers because it challenges her to think outside of the box and solve problems, all while constantly learning. She can be found on GitHub as MaryGualtieri.